General

  • Target

    73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

  • Size

    478KB

  • Sample

    241108-d2zk2axjhn

  • MD5

    ced1a57877645ae90216b2a3587970b9

  • SHA1

    f7e9977d9af08e71f2cd02673a89296918b4f82c

  • SHA256

    73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

  • SHA512

    9d45d2cfa816d13c81e23bc6b9c29a51c4aaf4bbcf004b1ab6e487f6421b5cbdab1e1d3a8e631c0c804d18a8d4323b25f57333c401a223858f621b3f3843595c

  • SSDEEP

    6144:KXy+bnr+Yp0yN90QEqmb1wKIm4dv3HPeqtzEXFbuBiIsD65Pktm02U/5TkOjyTI:RMrYy90AqBIn1SFm5Zxkth2Ux3h

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e
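
The extracted configuration above gives the only network indicator in this report: the RedLine C2 at 193.233.20.13:4136. The following Python is an added example (not part of the sandbox output) that turns the report's indicators into a simple sweep over connection logs and a file-hash check. The log format, the internal 10.0.0.x hosts and the log lines themselves are constructed for illustration; the hashes, C2 host/port, botnet name and auth_value are copied from the report.

```python
"""Sweep connection logs and file digests for the RedLine/Healer indicators in this report.

Added example, not part of the original sandbox output. Indicators are copied from
the report; the log lines and their format are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_MD5 = "ced1a57877645ae90216b2a3587970b9"
SAMPLE_SHA1 = "f7e9977d9af08e71f2cd02673a89296918b4f82c"
SAMPLE_SHA256 = "73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148"
C2_HOST = "193.233.20.13"
C2_PORT = 4136
BOTNET = "fukia"
AUTH_VALUE = "e5783636fbd9e4f0cf9a017bce02e67e"

# Constructed firewall log lines (not from the report). Hypothetical format:
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <action>"
SAMPLE_LOGS = """\
2024-11-08T10:00:01Z 10.0.0.23:51322 -> 142.250.74.36:443 tcp allow
2024-11-08T10:00:07Z 10.0.0.23:51340 -> 193.233.20.13:4136 tcp allow
2024-11-08T10:00:09Z 10.0.0.45:60112 -> 193.233.20.13:80 tcp allow
2024-11-08T10:00:12Z 10.0.0.23:51341 -> 193.233.20.13:4136 tcp deny
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+(?P<proto>\w+)\s+(?P<action>\w+)$"
)


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src: str
    dport: int
    action: str
    exact_port: bool  # True when the port matches the extracted config, not just the host


def find_c2_connections(log_text: str) -> list[Hit]:
    """Return every connection to the C2 host, whether or not it used the configured port.

    Matching on host alone is deliberate: RedLine panels move ports, and a 'deny' from
    the firewall still means the source host tried to reach the C2, i.e. it is infected.
    """
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        hits.append(Hit(m["ts"], m["src"], dport, m["action"], dport == C2_PORT))
    return hits


def affected_hosts(hits: list[Hit]) -> list[str]:
    """Sorted, de-duplicated list of internal hosts that contacted (or tried to contact) the C2."""
    return sorted({h.src for h in hits})


def hash_matches(data: bytes) -> dict[str, bool]:
    """Compare a file's digests against the three digests listed in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
        "sha1": hashlib.sha1(data).hexdigest() == SAMPLE_SHA1,
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256,
    }


if __name__ == "__main__":
    found = find_c2_connections(SAMPLE_LOGS)
    for h in found:
        flag = "port-match" if h.exact_port else "host-only"
        print(f"{h.timestamp} {h.src} -> {C2_HOST}:{h.dport} {h.action} ({flag})")
    print("affected hosts:", affected_hosts(found))
    print("benign blob matches report hashes:", hash_matches(b"constructed, not the sample"))
```

On the constructed log the sweep flags three connections from two internal hosts; the denied attempt and the off-port contact are both reported, because a blocked or re-pointed beacon still identifies an infected machine. The hash check is the file-side counterpart: only a byte-identical copy of the 478KB sample will match all three digests, so it is useful for confirming a quarantined file, not for finding repacked variants (the SSDEEP value in the report is the right tool for that).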

Targets

    • Target

      73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

    • Size

      478KB

    • MD5

      ced1a57877645ae90216b2a3587970b9

    • SHA1

      f7e9977d9af08e71f2cd02673a89296918b4f82c

    • SHA256

      73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

    • SHA512

      9d45d2cfa816d13c81e23bc6b9c29a51c4aaf4bbcf004b1ab6e487f6421b5cbdab1e1d3a8e631c0c804d18a8d4323b25f57333c401a223858f621b3f3843595c

    • SSDEEP

      6144:KXy+bnr+Yp0yN90QEqmb1wKIm4dv3HPeqtzEXFbuBiIsD65Pktm02U/5TkOjyTI:RMrYy90AqBIn1SFm5Zxkth2Ux3h

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks